Submitted URL: http://anti-covid-mask.ru/
Effective URL: https://anti-covid-mask.ru/?utm_referrer=
Submission: On May 31 via api from BE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 2606:4700:3034::681f:5ce0, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is anti-covid-mask.ru.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 3rd 2020. Valid for: 3 months.
This is the only time anti-covid-mask.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Redirects  IP Address         AS / Autonomous System
4         2          2606:4700:303...   13335 (CLOUDFLAR...)
1         -          185.165.123.99     64432 (VARITI-AS)
Totals: 3 HTTP transactions, 2 IPs

Requests  Apex Domain          Subdomains           Transfer
4         anti-covid-mask.ru   anti-covid-mask.ru   13 KB
1         vchecks.me           ohio8.vchecks.me     1 KB
Totals: 3 HTTP transactions, 2 domains

Requests  Domain                              Requested by
4         anti-covid-mask.ru (2 redirects)    anti-covid-mask.ru
1         ohio8.vchecks.me                    anti-covid-mask.ru
Totals: 3 HTTP transactions, 2 domains

This site contains no links.

Subject               Issuer                       Validity                  Valid
*.anti-covid-mask.ru  Let's Encrypt Authority X3   2020-05-03 - 2020-08-01   3 months
ohio8.vchecks.me      Let's Encrypt Authority X3   2020-05-14 - 2020-08-12   3 months

This page contains 1 frame:

Primary Page: https://anti-covid-mask.ru/?utm_referrer=
Frame ID: DC317B2022B6D3AD7D85CCF021D10E3F
Requests: 3 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 14 kB
Size: 39 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://anti-covid-mask.ru/ HTTP 301
    https://anti-covid-mask.ru/ Page URL
  2. http://anti-covid-mask.ru/?utm_referrer= HTTP 301
    https://anti-covid-mask.ru/?utm_referrer= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://anti-covid-mask.ru/ HTTP 301
  • https://anti-covid-mask.ru/

3 HTTP transactions

Columns: Resource, Path, Size, Transfer (x-fer), Type, MIME-Type

Resource: /
Path: anti-covid-mask.ru/
Redirect Chain
  • http://anti-covid-mask.ru/
  • https://anti-covid-mask.ru/
Size: 38 KB
Transfer: 12 KB
Type: Document

General
Full URL: https://anti-covid-mask.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681f:5ce0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 08bc048b387ea23a8c1d1552c349b1735e53795c255f179eecd2e492e9afe837

Request headers

:method: GET
:authority: anti-covid-mask.ru
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Sun, 31 May 2020 05:08:49 GMT
content-type: text/html
set-cookie: __cfduid=dc102db003b7725925fcac8ab2c18f10e1590901729; expires=Tue, 30-Jun-20 05:08:49 GMT; path=/; domain=.anti-covid-mask.ru; HttpOnly; SameSite=Lax; Secure rerf=AAAAAF7TO+FfhFC3AwN0Ag==; expires=Tue, 30-Jun-20 05:08:49 GMT; path=/
vary: Accept-Encoding
x-iauth-set-uid: 2:nrUjUTTaUIYlAjgu:1590901729336:nrUjUTTaUIYlAjgu/6RnFUIw33eLUOAvOATt7HQ==:0000
x-request-id: n8eEoxJrTCg1
cache-control: no-cache no-cache
expires: Sun, 31 May 2020 05:08:48 GMT
pragma: no-cache no-cache
access-control-allow-origin: *
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
cf-cache-status: DYNAMIC
cf-request-id: 030abb002a000096da26bec200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 59be2de04f6596da-FRA
content-encoding: br

Redirect headers

Date: Sun, 31 May 2020 05:08:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 31 May 2020 06:08:49 GMT
Location: https://anti-covid-mask.ru/
cf-request-id: 030abb000b0000175623355200000001
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 59be2de01b881756-FRA

Resource: n8eEoxJrTCg1
Path: ohio8.vchecks.me/share/
Size: 849 B
Transfer: 1 KB
Type: Script

General
Full URL: https://ohio8.vchecks.me/share/n8eEoxJrTCg1?sid=3582&scheme=http&host=anti-covid-mask.ru&uri=%2f%3futm_referrer%3d&t=1590901729336&sad=v%2fop5c%2bw%3d%3d&uid=nrUjUTTaUIYlAjgu&uct=1590901729336&kct=0&m=2&ver=7&flags=0&ua=6386828519903006346&v=ZpU695NsyGCQ5un-njiEWA&test=JrTCg1&fp=e0f7949a4958aab77511752e8b1c17fe_614336141_8d7612e8db321d8194a3de269d7545a1
Requested by
  Host: anti-covid-mask.ru
  URL: https://anti-covid-mask.ru/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.165.123.99 , Russian Federation, ASN64432 (VARITI-AS, RU),
Reverse DNS:
Software: Variti/0.9.3a /
Resource Hash: 7333427ddf8ceff8420893b7beacc515fc5bd689de0a6e8e9e2f2ac27f4cfaae

Request headers

Referer: https://anti-covid-mask.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 May 2020 05:08:49 GMT
Server: Variti/0.9.3a
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
X-Request-ID: n8eaQjRMH0U1
Expires: Sun, 31 May 2020 05:08:49 GMT

Resource: / (Primary Request)
Path: anti-covid-mask.ru/
Redirect Chain
  • http://anti-covid-mask.ru/?utm_referrer=
  • https://anti-covid-mask.ru/?utm_referrer=
Size: 571 B
Transfer: 244 B
Type: Document

General
Full URL: https://anti-covid-mask.ru/?utm_referrer=
Requested by
  Host: anti-covid-mask.ru
  URL: https://anti-covid-mask.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681f:5ce0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 53d85d8c4ee63eca18604bc5db5f1ad732c789c18c03e1ef5462a1364aba1da1

Request headers

:method: GET
:authority: anti-covid-mask.ru
:scheme: https
:path: /?utm_referrer=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dc102db003b7725925fcac8ab2c18f10e1590901729; rerf=AAAAAF7TO+FfhFC3AwN0Ag==; ipp_key=v1590901729336/v3394bd400b5e53a13cfc651638eca4afa04ab2/CQK0K1b82dlHh82jNRvo7w==; ipp_uid=1590901729336/nrUjUTTaUIYlAjgu/6RnFUIw33eLUOAvOATt7HQ==; ipp_uid1=1590901729336; ipp_uid2=nrUjUTTaUIYlAjgu/6RnFUIw33eLUOAvOATt7HQ==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://anti-covid-mask.ru/

Response headers

status: 403
date: Sun, 31 May 2020 05:08:49 GMT
content-type: text/html
x-variti-ccr: 1436051402:1
cf-cache-status: DYNAMIC
cf-request-id: 030abb0279000096da26805200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 59be2de3f9aa96da-FRA
content-encoding: br

Redirect headers

Date: Sun, 31 May 2020 05:08:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 31 May 2020 06:08:49 GMT
Location: https://anti-covid-mask.ru/?utm_referrer=
cf-request-id: 030abb02700000175623377200000001
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 59be2de3ea9c1756-FRA

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate

6 Cookies

Domain/Path Name / Value
anti-covid-mask.ru/ Name: ipp_uid2
Value: nrUjUTTaUIYlAjgu/6RnFUIw33eLUOAvOATt7HQ==
anti-covid-mask.ru/ Name: ipp_uid1
Value: 1590901729336
anti-covid-mask.ru/ Name: ipp_uid
Value: 1590901729336/nrUjUTTaUIYlAjgu/6RnFUIw33eLUOAvOATt7HQ==
anti-covid-mask.ru/ Name: ipp_key
Value: v1590901729336/v3394bd400b5e53a13cfc651638eca4afa04ab2/CQK0K1b82dlHh82jNRvo7w==
anti-covid-mask.ru/ Name: rerf
Value: AAAAAF7TO+FfhFC3AwN0Ag==
.anti-covid-mask.ru/ Name: __cfduid
Value: dc102db003b7725925fcac8ab2c18f10e1590901729

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
